Commit c7191f90 authored by unknown's avatar unknown

Fix for bug #32137: prepared statement crash with str_to_date in update clause

Problem: calling non-constant argument's val_xxx() methods 
in the ::fix_length_and_dec() is inadmissible.

Fix: call the method only for constant arguments.


mysql-test/r/ps.result:
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
    - test result.
mysql-test/t/ps.test:
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
    - test case.
sql/item_timefunc.cc:
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
    - call argument's val_str() only for constant items in the 
      Item_func_str_to_date::fix_length_and_dec().
parent ab4f08b3
...@@ -1109,4 +1109,9 @@ a ...@@ -1109,4 +1109,9 @@ a
13 13
DEALLOCATE PREPARE st1; DEALLOCATE PREPARE st1;
DROP TABLE t1; DROP TABLE t1;
create table t1 (a int, b tinyint);
prepare st1 from 'update t1 set b= (str_to_date(a, a))';
execute st1;
deallocate prepare st1;
drop table t1;
End of 4.1 tests. End of 4.1 tests.
...@@ -1146,4 +1146,13 @@ EXECUTE st1; ...@@ -1146,4 +1146,13 @@ EXECUTE st1;
DEALLOCATE PREPARE st1; DEALLOCATE PREPARE st1;
DROP TABLE t1; DROP TABLE t1;
#
# Bug #32137: prepared statement crash with str_to_date in update clause
#
create table t1 (a int, b tinyint);
prepare st1 from 'update t1 set b= (str_to_date(a, a))';
execute st1;
deallocate prepare st1;
drop table t1;
--echo End of 4.1 tests. --echo End of 4.1 tests.
...@@ -2958,16 +2958,17 @@ Field *Item_func_str_to_date::tmp_table_field(TABLE *t_arg) ...@@ -2958,16 +2958,17 @@ Field *Item_func_str_to_date::tmp_table_field(TABLE *t_arg)
void Item_func_str_to_date::fix_length_and_dec() void Item_func_str_to_date::fix_length_and_dec()
{ {
char format_buff[64];
String format_str(format_buff, sizeof(format_buff), &my_charset_bin);
String *format;
maybe_null= 1; maybe_null= 1;
decimals=0; decimals=0;
cached_field_type= MYSQL_TYPE_STRING; cached_field_type= MYSQL_TYPE_STRING;
max_length= MAX_DATETIME_FULL_WIDTH*MY_CHARSET_BIN_MB_MAXLEN; max_length= MAX_DATETIME_FULL_WIDTH*MY_CHARSET_BIN_MB_MAXLEN;
cached_timestamp_type= MYSQL_TIMESTAMP_NONE; cached_timestamp_type= MYSQL_TIMESTAMP_NONE;
format= args[1]->val_str(&format_str); if ((const_item= args[1]->const_item()))
if (!args[1]->null_value && (const_item= args[1]->const_item())) {
char format_buff[64];
String format_str(format_buff, sizeof(format_buff), &my_charset_bin);
String *format= args[1]->val_str(&format_str);
if (!args[1]->null_value)
{ {
cached_format_type= get_date_time_result_type(format->ptr(), cached_format_type= get_date_time_result_type(format->ptr(),
format->length()); format->length());
...@@ -2975,13 +2976,13 @@ void Item_func_str_to_date::fix_length_and_dec() ...@@ -2975,13 +2976,13 @@ void Item_func_str_to_date::fix_length_and_dec()
case DATE_ONLY: case DATE_ONLY:
cached_timestamp_type= MYSQL_TIMESTAMP_DATE; cached_timestamp_type= MYSQL_TIMESTAMP_DATE;
cached_field_type= MYSQL_TYPE_DATE; cached_field_type= MYSQL_TYPE_DATE;
max_length= MAX_DATE_WIDTH*MY_CHARSET_BIN_MB_MAXLEN; max_length= MAX_DATE_WIDTH * MY_CHARSET_BIN_MB_MAXLEN;
break; break;
case TIME_ONLY: case TIME_ONLY:
case TIME_MICROSECOND: case TIME_MICROSECOND:
cached_timestamp_type= MYSQL_TIMESTAMP_TIME; cached_timestamp_type= MYSQL_TIMESTAMP_TIME;
cached_field_type= MYSQL_TYPE_TIME; cached_field_type= MYSQL_TYPE_TIME;
max_length= MAX_TIME_WIDTH*MY_CHARSET_BIN_MB_MAXLEN; max_length= MAX_TIME_WIDTH * MY_CHARSET_BIN_MB_MAXLEN;
break; break;
default: default:
cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME; cached_timestamp_type= MYSQL_TIMESTAMP_DATETIME;
...@@ -2989,8 +2990,10 @@ void Item_func_str_to_date::fix_length_and_dec() ...@@ -2989,8 +2990,10 @@ void Item_func_str_to_date::fix_length_and_dec()
break; break;
} }
} }
}
} }
bool Item_func_str_to_date::get_date(TIME *ltime, uint fuzzy_date) bool Item_func_str_to_date::get_date(TIME *ltime, uint fuzzy_date)
{ {
DATE_TIME_FORMAT date_time_format; DATE_TIME_FORMAT date_time_format;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment